{ pkgs, config, ... }:
{
  imports = [
    ./common.nix
  ];

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
      name = "fj-x86_64";
      url = "https://git.hsn.dev";
      # Obtaining the path to the runner token file may differ
      tokenFile = config.sops.secrets.forgejo-runner-token.path;
      labels = [
        "x86_64"
        "linux"
        "pc"
        "docker-x86_64:docker://node:20-bullseye"
        "native-x86_64:host"
      ];
    };
  };

  sops.secrets."cachix/agent_auth_tokens/fj-x86_64" = {
    # configure secret for cachix deploy agent.
    sopsFile = ./secrets.sops.yaml;
    mode = "0444";
    restartUnits = [ "cachix-agent.service" ];
  };

  services.cachix-agent = {
    enable = true;
    credentialsFile = config.sops.secrets."cachix/agent_auth_tokens/fj-x86_64".path;
  };
}